HPE Community
Software Defined Networking
1827439 Members
5332 Online
109965 Solutions
New Discussion

OpenFlow Instance with TLS -- how to create Certificate for OpenFlow?

 
RGBD
Occasional Advisor

‎01-29-2014 09:09 AM

‎01-29-2014 09:09 AM

OpenFlow Instance with TLS -- how to create Certificate for OpenFlow?

I get this error when trying to configure my OF instance on PV 3800 (KA_15_14):

 

3800B(config)# openflow instance vpatch controller-id 1 secure
Certificate for OpenFlow is not configured.
3800B(config)#

 

I tried to create self-signed cert from the web UI, but no luck.

 

Does anyone have the process for creating/getting the correct cert and installing?

 

The config guide just says you need one and is not specific on how to configure it.

0 Kudos
2 REPLIES 2
EricAtHP
Esteemed Contributor

‎01-29-2014 10:56 AM - edited ‎01-29-2014 10:58 AM

‎01-29-2014 10:56 AM - edited ‎01-29-2014 10:58 AM

Re: OpenFlow Instance with TLS -- how to create Certificate for OpenFlow?

First, if you are using the HP controller, the certificate used on the switch must be the signed by the same CA as the cert on the controller. So a self-signed cert won't work.

 

To install a CA signed cert on a provision based switch:

 

  • Set the time correctly (either manually or with SNTP/Timep)
  • Configure the identity of the switche with "crypto pki identity-profile"
  • Generate a CSR with "crypto pki create-csr" make sure you use the "usage" option in the command and specify "all" or "openflow"
  • Then take the CSR to a CA of your choice
  • Install the resulting certificate onto the switch with "crypto pki install-signed-certificate"

 

These commands are just the beginning of the command, use tab or ? to complete the command.

 

Hope that helps.

0 Kudos
sdnindia
Trusted Contributor

‎02-05-2014 03:34 AM

‎02-05-2014 03:34 AM

Re: OpenFlow Instance with TLS -- how to create Certificate for OpenFlow?

Hello,

Just following up to see if the previous post answers your query.

Please feel free to reply incase you have more questions around the same topic or open a new thread if new  topic.
If you feel we have answered your question, please do let us know by marking this response as an 'accepted solution’.

Thanks
HP SDN Team

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.